# coding:utf-8
# Jboss CVE-2017-12149 反序列化批量检测脚本
# author：ske
# usage: python3 CVE-2017-12149_multi.py ipFile threadNum
# 默认请设置8080端口

import threading
from queue import Queue
import sys
import requests

event = threading.Event()
event.set()
q = Queue(-1)

class multi_thread(threading.Thread):
    def __init__(self,num,q):
        threading.Thread.__init__(self)
        self.num = num
        self.q = q
        self.headers = {"User-Agent":"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36"}


    def run(self):
        while event.is_set():                                               #is_set()查看信号，由于之前设置了Flag为True，所以为真
            if self.q.empty():                                              #如果队列空了就跳出循环，终止
                event.clear()
            else:                                                           #如果队列不为空
                ip = self.q.get()
                url = 'http://{}:{}'.format(ip, port)
                self.check_jboss(url)

    def check_jboss(self, url):
        try:
            r = requests.get(
                url=url+'/invoker/JMXInvokerServlet', headers=self.headers, timeout=10, allow_redirects=False)
            if r.status_code == 200:
                if r.headers['content-type'].count('serialized') or r.headers['Content-Type'].count('serialized'):
                    print('[OK] -> [{}] : {}'.format(self.num, url))
                    self.save(url)
            else:
                print('[-] -> [{}] : {}'.format(self.num, url))
        except Exception as e:
            error = e.args
            print('[-] -> [{}] {}  error : {}'.format(self.num, url, error))

    def save(self, url):
        with open('jboss_success.txt', 'at') as f:
            f.writelines('{}\n'.format(url))

def scan_thread():                                                         #参数是队列
    threads = []
    for num in range(1,thread_num+1):
        t = multi_thread(num,q)
        threads.append(t)
        t.start()
    for t in threads:
        t.join()

def get_ip():
    with open(path, 'rt') as f:
        for ip in f.readlines():
            q.put(ip.strip())

if __name__ == '__main__':
    try:
        port = int(input('请输入Jboss端口(默认8080)：'))
    except Exception as e:
        port = 8080
    path = sys.argv[1]  # /root/unAuth/mongodb/us.txt
    thread_num = int(sys.argv[2])
    get_ip()
    scan_thread()